Privacy

I highly recommend the great post on theLavabit case, written by Jennifer Granick who is associated with the Center for Internet and Society at Stanford Law School.

Lavabit,a now defunct encrypted email service provider, refused to turn over its Secure Sockets Layer ("SSL") key to the FBI after being ordered to do so by a federal court. The SSL is the mechanism by which the link between software applications on your computer and Internet servers is encrypted. In order for communication to take place between the software and the server a unique session key is produced when the server shares its public key with the client application.

In light of a recent data breach at the University of Arizona, I thought this might be a good time to review the law related to data breach notification.

With regard to the University of Arizona,it was recently reportedthat someone had accessed the server hosting the University’s College of Law website. Potential data accessible to the intruder included class rosters, names and social security numbers. In addition, the usernames and passwords for the law school’s intranet were also reportedly stored on the breached server.

The Children’s Online Privacy Protection Act or “COPPA” took effect in April of 2000. The Act is meant to protect the private information of children under the age of 13 from websites and online services that are aimed at children. The Act requires verifiable parental consent for the use of such information by the site. Some key COPPA provisions include the following: (i) the site’s maintaining of a detailed privacy policy, (ii) as noted above, the acquiring of verifiable parental consent before a site may collect personal information, (iii) providing the option for a parent to withdraw consent for any further collection of information, (iv) disallowing a site from making the providing of personal information a prerequisite for a child’s participation in a game or receipt of a prize and (v) maintaining reasonable procedures to protect the confidentiality, security and integrity of personal information collected from children.

In light of therecent decision regarding Google’s Street View, I thought it might be a good time to take a brief look at “The Wiretap Act.”

The Wiretap Act prohibits the intentional interception, either directly or indirectly, of any wire, oral or electronic communication. The law, first passed as Title III of the Omnibus Crime Control and Safe Streets Act of 1968, is codified under 18 U.S.C. §§ 2510-2522. Originally, the Act only covered wire and oral communications, but was extended to electronic communications under the 1986 amendment via Title I of the Electronic Communications Privacy Act.

Technology and privacy rights organizations from across the business and political spectrum have submitted a letter in support of a proposed amendment by Senators Patrick Leahy (D-Vermont) and Mike Lee (R-Utah). The proposed amendment would further restrict the ability of investigators to gain access to emails held on third party servers. The Electronic Communications Privacy Act of 1986 (ECPA) currently requires that government agencies obtain a warrant for access to emails less than 180 days old.

While the right of privacy is certainly associated with both the Fourth and Fourteenth Amendments of the U.S. Constitution, it is worth considering the role the First Amendment also plays with respect to the right of privacy. As we consider the ease with which privacy can be compromised in the digital age, we should also be wary of the effect that very same infringement could have on the willingness of individuals to engage in free and open discussions. Simply put, we need to consider the "chilling effect" privacy violations have on free speech.

Stanford Law School's Center for Internet and Society has launched a "Cookie Clearinghouse." Apparently, the Clearinghouse will develop and maintain both an "allow list" and a "block list." The idea is that the Clearinghouse will identify where tracking is being conducted unbeknownst to the user including those instances where the tracker is a third party site that has never even been visited by the user.

According to the Center's press release the Clearinghouse will be "consulting with an advisory board that will include individuals from browser companies including Mozilla and Opera Software, academic privacy researchers, as well as individuals with expertise in small businesses and in European law.

The Washington Post published an excerpted and redacted set of PowerPoint slides, originally put together by the NSA, which provides an overview of the PRISM program. You can find a link to the Post's page here.